Solved CS:S TriggerBot not hooking to hl2.exe

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Sonfloro

Newbie
Sep 24, 2014
4
117
1
Okay so I was using Fleep's Triggerbot tutorial and tried it myself, I followed everything exact except for the values needed for CrosshairID, PlayerBase, etc. because of a newer version of css being out.

My problem after using breakpoints in my code was that it's not hooking to hl2.exe and getting values. I've looked through google and this forum for someone with a similar problem, I've even tried looking for an updated HackProcess.h thinking it was outdated, but alas I came up dry.

Here's the code I'm using right now, I'm using Microsoft Visual Studio to compile and run, my OS is Windows 10 Pro 64bit, and the latest update for css via steam.

HackProcess.h

C++:
#pragma once

#include <Windows.h>
#include <TlHelp32.h>

//THIS FILE SIMPLY DOES MOST OF THE BACKEND WORK FOR US, 
//FROM FINDING THE PROCESS TO SETTING UP CORRECT ACCESS FOR US 
//TO EDIT MEMORY 
//IN MOST GAMES, A SIMPLER VERSION OF THIS CAN BE USED, or if you're injecting then its often not necessary
//This file has been online for quite a while so credits should be shared but im using this from NubTIK
//So Credits to him and thanks

class CHackProcess
{
public:

	PROCESSENTRY32 __gameProcess;
	HANDLE __HandleProcess;
	HWND __HWNDCss; 
	DWORD __dwordClient;
	DWORD __dwordEngine;
	DWORD __dwordOverlay;
	DWORD __dwordVGui;
	DWORD __dwordLibCef;
	DWORD __dwordSteam; 
	DWORD FindProcessName(const char *__ProcessName, PROCESSENTRY32 *pEntry)
	{	 
		PROCESSENTRY32 __ProcessEntry;
		__ProcessEntry.dwSize = sizeof(PROCESSENTRY32);
		HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
		if (hSnapshot == INVALID_HANDLE_VALUE) return 0;        if (!Process32First(hSnapshot, &__ProcessEntry))
		{
			CloseHandle(hSnapshot);
			return 0;
		}
		do{if (!_strcmpi(__ProcessEntry.szExeFile, __ProcessName))
		{
			memcpy((void *)pEntry, (void *)&__ProcessEntry, sizeof(PROCESSENTRY32));
			CloseHandle(hSnapshot);
			return __ProcessEntry.th32ProcessID;
		}} while (Process32Next(hSnapshot, &__ProcessEntry));
		CloseHandle(hSnapshot);
        return 0;
}


DWORD getThreadByProcess(DWORD __DwordProcess)
{	 
		THREADENTRY32 __ThreadEntry;
		__ThreadEntry.dwSize = sizeof(THREADENTRY32);
		HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
		if (hSnapshot == INVALID_HANDLE_VALUE) return 0;

		if (!Thread32First(hSnapshot, &__ThreadEntry)) {CloseHandle(hSnapshot); return 0; }

        do {if (__ThreadEntry.th32OwnerProcessID == __DwordProcess)
		{
			CloseHandle(hSnapshot);
			return __ThreadEntry.th32ThreadID;
		}} while (Thread32Next(hSnapshot, &__ThreadEntry)); 
		CloseHandle(hSnapshot);       
		return 0;
}

DWORD GetModuleNamePointer(LPSTR LPSTRModuleName, DWORD __DwordProcessId)
{ 
		MODULEENTRY32 lpModuleEntry = {0};
		HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, __DwordProcessId);
		if(!hSnapShot)
			return NULL;  
		lpModuleEntry.dwSize = sizeof(lpModuleEntry);
		BOOL __RunModule = Module32First( hSnapShot, &lpModuleEntry );
		while(__RunModule)
		{
			if(!strcmp(lpModuleEntry.szModule, LPSTRModuleName ) )
			{CloseHandle( hSnapShot );
			return (DWORD)lpModuleEntry.modBaseAddr;
			}
			__RunModule = Module32Next( hSnapShot, &lpModuleEntry );
		}
		CloseHandle( hSnapShot );
		return NULL;
}


void runSetDebugPrivs() 
{
	HANDLE __HandleProcess=GetCurrentProcess(), __HandleToken;
	TOKEN_PRIVILEGES priv;
	LUID __LUID; 
	OpenProcessToken(__HandleProcess, TOKEN_ADJUST_PRIVILEGES, &__HandleToken);
	LookupPrivilegeValue(0, "seDebugPrivilege", &__LUID);
    priv.PrivilegeCount = 1;
	priv.Privileges[0].Luid = __LUID;
	priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(__HandleToken, false, &priv, 0, 0, 0);
	CloseHandle(__HandleToken);
	CloseHandle(__HandleProcess);
}
	
	
	
void RunProcess()
{
	//commented lines are for non steam versions of the game
	runSetDebugPrivs();
	while (!FindProcessName("hl2.exe", &__gameProcess)) Sleep(12);
	while (!(getThreadByProcess(__gameProcess.th32ProcessID))) Sleep(12);
	__HandleProcess = OpenProcess(PROCESS_ALL_ACCESS, false, __gameProcess.th32ProcessID); 
	while(__dwordClient == 0x0) __dwordClient = GetModuleNamePointer("client.dll", __gameProcess.th32ProcessID);
	while(__dwordEngine == 0x0) __dwordEngine = GetModuleNamePointer("engine.dll", __gameProcess.th32ProcessID);
	//while(__dwordOverlay == 0x0) __dwordOverlay = GetModuleNamePointer("gameoverlayrenderer.dll", __gameProcess.th32ProcessID);
	while(__dwordVGui == 0x0) __dwordVGui = GetModuleNamePointer("vguimatsurface.dll", __gameProcess.th32ProcessID);
	//while(__dwordLibCef == 0x0) __dwordLibCef = GetModuleNamePointer("libcef.dll", __gameProcess.th32ProcessID);
//	while(__dwordSteam == 0x0) __dwordSteam = GetModuleNamePointer("steam.dll", __gameProcess.th32ProcessID); 
	__HWNDCss = FindWindow(NULL, "Counter-Strike Source"); 
}
};

extern CHackProcess fProcess;
Main.cpp
C++:
#include <Windows.h>
#include <iostream>
#include "HackProcess.h"


CHackProcess fProcess;
using namespace std;

const DWORD Player_Base = 0x503120;

#define F6_KEY 0X75
bool b_ShotNow = false;
const DWORD dw_attack = 0x4F3B48;
const DWORD dw_teamOffset = 0x9C;

int i_shoot = 5;
int i_Dontshoot = 4;

int NumOfPlayers = 32;
const DWORD dw_PlayerCount = 0x5D293C;
const DWORD dw_crosshairOffs = 0x145c;

const DWORD dw_entityBase = 0x4D3904;

const DWORD dw_EntityLoopDistance = 0x10;

struct MyPlayer {
	DWORD CLocalPlayer;
	int Team;
	int CrosshairEntityID;

	void ReadInformation() {
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordClient + Player_Base), &CLocalPlayer, sizeof(DWORD), 0);
		//Team
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CLocalPlayer+dw_teamOffset), &Team, sizeof(int), 0);
		//Crosshair
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CLocalPlayer + dw_crosshairOffs), &CrosshairEntityID, sizeof(int), 0);

		//Number Of Players
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordEngine + dw_PlayerCount), &NumOfPlayers, sizeof(int), 0);

	}
}MyPlayer;


struct PlayerList {
	DWORD CBaseEntity;
	int Team;

	void ReadInformation(int Player) {
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordClient + dw_entityBase + (Player * dw_EntityLoopDistance)), &CBaseEntity, sizeof(DWORD), 0);

		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CBaseEntity + dw_teamOffset), &Team, sizeof(int), 0);
	}
}PlayerList[32];

void TriggerBot()
{
	//Diable Attack
	if (!b_ShotNow)
	{
		WriteProcessMemory(fProcess.__HandleProcess, (int*)(fProcess.__dwordClient + dw_attack), &i_Dontshoot, sizeof(int), NULL);
		b_ShotNow = !b_ShotNow;
;
	}

	if (MyPlayer.CrosshairEntityID == 0)
		return;

	if (PlayerList[MyPlayer.CrosshairEntityID - 1].Team == MyPlayer.Team)
		return;

	if (MyPlayer.CrosshairEntityID > NumOfPlayers)
		return;

	//Attack
	if (!b_ShotNow)
	{
		WriteProcessMemory(fProcess.__HandleProcess, (int*)(fProcess.__dwordClient + dw_attack), &i_shoot, sizeof(int), NULL);
		b_ShotNow = !b_ShotNow;
	}



}








int main()
{
	fProcess.RunProcess();
	cout << "Game Found! Running Triggerbot" << endl;


	while (!GetAsyncKeyState(F6_KEY))
	{
		MyPlayer.ReadInformation();


		for (int i = 0; i < NumOfPlayers; i++)
		{
			PlayerList[i].ReadInformation(i);

		}

		TriggerBot();
	}


}
 

Sonfloro

Newbie
Sep 24, 2014
4
117
1
Okay a little update on what I've done, so far I've figured out the bad value was my crosshairOffset and I fixed that calculation, but now my problem is that the Triggerbot is not shooting, I've double checked all of my hex values and they are all correct. Here is what my code is now


C++:
#include <Windows.h>
#include <iostream>
#include "HackProcess.h"


CHackProcess fProcess;
using namespace std;

const DWORD Player_Base = 0x503120;

#define F6_KEY 0X75
bool b_ShotNow = false;
const DWORD dw_attack = 0x4F3B48;
const DWORD dw_teamOffset = 0x9C;

int i_shoot = 5;
int i_Dontshoot = 4;

int NumOfPlayers = 32;
const DWORD dw_PlayerCount = 0x5D293C;
const DWORD dw_crosshairOffs = 0x14f0;

const DWORD dw_entityBase = 0x4D3904;

const DWORD dw_EntityLoopDistance = 0x10;

struct MyPlayer {
	DWORD CLocalPlayer;
	int Team;
	int CrosshairEntityID;

	void ReadInformation() {
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordClient + Player_Base), &CLocalPlayer, sizeof(DWORD), 0);
		//Team
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CLocalPlayer + dw_teamOffset), &Team, sizeof(int), 0);
		//Crosshair
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CLocalPlayer + dw_crosshairOffs), &CrosshairEntityID, sizeof(int), 0);

		//Number Of Players
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordEngine + dw_PlayerCount), &NumOfPlayers, sizeof(int), 0);

	}
}MyPlayer;


struct PlayerList {
	DWORD CBaseEntity;
	int Team;

	void ReadInformation(int Player) {
		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(fProcess.__dwordClient + dw_entityBase + (Player * dw_EntityLoopDistance)), &CBaseEntity, sizeof(DWORD), 0);

		ReadProcessMemory(fProcess.__HandleProcess, (PBYTE*)(CBaseEntity + dw_teamOffset), &Team, sizeof(int), 0);
	}
}PlayerList[32];

void TriggerBot()
{
	//Diable Attack
	if (!b_ShotNow)
	{
		WriteProcessMemory(fProcess.__HandleProcess, (int*)(fProcess.__dwordClient + dw_attack), &i_Dontshoot, sizeof(int), NULL);
		b_ShotNow = !b_ShotNow;

	}

	if (MyPlayer.CrosshairEntityID == 0) 
	return;

	if (PlayerList[MyPlayer.CrosshairEntityID-1].Team == MyPlayer.Team) 
		return;
	
	if (MyPlayer.CrosshairEntityID > NumOfPlayers) 
		return;
	
	//Attack
	if (!b_ShotNow)
	{
		WriteProcessMemory(fProcess.__HandleProcess, (int*)(fProcess.__dwordClient + dw_attack), &i_shoot, sizeof(int), NULL);
		b_ShotNow = !b_ShotNow;
	}



}








int main()
{
	fProcess.RunProcess();
	cout << "Game Found! Running Triggerbot" << endl;


	while (!GetAsyncKeyState(F6_KEY))
	{
		MyPlayer.ReadInformation();


		for (int i = 0; i < NumOfPlayers; i++)
		{
			PlayerList[i].ReadInformation(i);

		}

		TriggerBot();
	}


}

[EDIT] I found the solution, I had the trigger bot only check if I just shot, not if I haven't shot yet, so I changed that and it's working now, thank you guys for helping me figure out one of my hex addresses was incorrect, I really appreciate it! :)
 
Last edited:

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,294
37,938
269
Debug run process and tell us where it goes wrong. Take care to note that an application cannot get debug privileges unless it's been run as admin first.
 

Sonfloro

Newbie
Sep 24, 2014
4
117
1
I ran the program with admin privileges and this is what the debug output said:

'CSSTriggerBot.exe' (Win32): Loaded 'C:\Users\Sam\Desktop\CSSTriggerBot\Debug\CSSTriggerBot.exe'. Symbols loaded.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ntdll.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\kernel32.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\KernelBase.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\user32.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\gdi32.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\advapi32.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcrt.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sechost.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\rpcrt4.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sspicli.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\cryptbase.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\bcryptprimitives.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\vcruntime140d.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ucrtbased.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcp140d.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\imm32.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msctf.dll'. Cannot find or open the PDB file.
'CSSTriggerBot.exe' (Win32): Loaded 'C:\Program Files (x86)\AVG\Av\avghookx.dll'. Cannot find or open the PDB file.
Exception thrown at 0x01322B63 in CSSTriggerBot.exe: 0xC0000005: Access violation reading location 0x1FEC549C.


I hope this is what you mean, I'm not 100% familiar with Visual Studios

[EDIT] Okay after messing around I found out when running visual studio as admin and then running my program as admin it will hook to hl2.exe ( I think my problem was that I run steam as admin), but now I'm getting a crash from what looks like the teammate "if" statement in the TriggerBot Function.
 
Last edited:

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,061
78,998
2,370
So you got a Access Violation error, step through the code from the top to the bottom and you will know which line of code is broken.
 

Sonfloro

Newbie
Sep 24, 2014
4
117
1
Okay I've found out that I'm getting a crash when my main() executes TriggerBot(), everything before that works fine right now, but I have no idea whats wrong in my TriggerBot function
 

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
Okay I've found out that I'm getting a crash when my main() executes TriggerBot(), everything before that works fine right now, but I have no idea whats wrong in my TriggerBot function
Breakpoint on the call, then step in and watch your variables after each call and operation done.
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods